# WireGuard

### Install WireGuard on the NAS:

| Model  | CPU Model           | Cores (each) | Threads (each) | FPU  | Package Arch | RAM                 |
| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ |
| DS923+ | AMD Ryzen R1600     | 2            | 4              | ✓    | R1000        | DDR4 ECC SODIMM 4GB |
| DS916+ | Intel Pentium N3710 | 4            | 4              | ✓    | Braswell     | DDR3 2GB/8GB        |

```bash
sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild
```

**does not compile**

```bash
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
```

### wg-easy

https://github.com/wg-easy/wg-easy

| Creation | Portainer (/portainer/compose/29)     |
| -------- | ------------------------------------- |
| Update   | Watchtower                            |
| Ports    | 51820:51821                           |
| Volume   | /volume1/docker/wgeasy:/etc/wireguard |

```yaml
version: "3.5"
services:
  wgeasy:
    image: ghcr.io/wg-easy/wg-easy:latest
    network_mode: "bridge"
    container_name: wgeasy
    ports:
      - "51820:51820/udp"
      - "51821:51821"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    env_file:
      - stack.env
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - /volume1/docker/wgeasy:/etc/wireguard
    environment:
      - WG_HOST=photos-nas.ovh
      - WG_DEFAULT_DNS=192.168.2.216
    restart: always
```

Environment variable (in stack.env)

```yaml
PASSWORD=xxxxxxxxxx
```

##### wg0.conf

```
# Note: Do not edit this file directly.
# Your changes will be overwritten!

# Server
[Interface]
PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =

# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0)
[Peer]
PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 10.8.0.2/32

# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545)
[Peer]
PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 10.8.0.3/32
```

##### airbook.conf

```
[Interface]
PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX
Address = 10.8.0.3/24
DNS = 192.168.2.216

[Peer]
PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```

##### ungoutdepomme.conf

```
[Interface]
PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{
Address = 10.8.0.2/24
DNS = 192.168.2.216

[Peer]
PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```

# `#Token modified`
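
An added example (not part of the original notes and not wg-easy code): a consistency check between `wg0.conf` and a client file such as `airbook.conf`, confirming that the client's address maps to exactly one server peer with a single-host `AllowedIPs` and that both sides carry the same `PresharedKey`. The function names and placeholder key strings are assumptions; the sample configs are constructed from the addressing shown above.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick syntax into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)   # base64 values may end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def nets(value):
    return [ipaddress.ip_network(n.strip(), strict=False) for n in value.split(",") if n.strip()]

def audit_client(server_text, client_text):
    """Check one client file against the server file; return a list of findings."""
    client = dict(parse_wg(client_text))      # one [Interface], one [Peer]
    addr = ipaddress.ip_interface(client["Interface"]["Address"]).ip
    peers = [kv for name, kv in parse_wg(server_text) if name == "Peer"
             and any(addr in n for n in nets(kv.get("AllowedIPs", "")))]
    if len(peers) != 1:
        return [f"{addr}: expected exactly 1 server peer, found {len(peers)}"]
    findings = []
    if any(n.num_addresses != 1 for n in nets(peers[0]["AllowedIPs"])):
        findings.append(f"{addr}: server AllowedIPs is wider than a single host")
    if peers[0].get("PresharedKey") != client["Peer"].get("PresharedKey"):
        findings.append(f"{addr}: PresharedKey differs between server and client")
    return findings

# Constructed sample data: the page's addressing, placeholder key material.
SERVER = """
[Interface]
Address = 10.8.0.1/24
# Client: ungoutdepomme
[Peer]
PresharedKey = PSK-A-PLACEHOLDER
AllowedIPs = 10.8.0.2/32
# Client: airbook
[Peer]
PresharedKey = PSK-B-PLACEHOLDER
AllowedIPs = 10.8.0.3/32
"""
CLIENT = "[Interface]\nAddress = 10.8.0.{ip}/24\n[Peer]\nPresharedKey = {psk}\n"

if __name__ == "__main__":
    print(audit_client(SERVER, CLIENT.format(ip=2, psk="PSK-B-PLACEHOLDER")))
```

Run it against the real files by reading them from the mounted `/volume1/docker/wgeasy` directory and passing their contents as the two arguments.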